November 03, 2023

00:43:42

Episode 222 Deep Dive: David Chow | A Conversation on the Impact of Geopolitics on Cybersecurity

KBKAST

Show Notes

In this episode, we dive deep into the intersection of global events and issues and cybersecurity. David discusses the impact of geopolitical risks on cybersecurity, the urgent need for collaboration, comprehensive risk management, and the adoption of security strategies such as zero-trust.

From international trade tension to the Ukraine-Russia conflict, David and KB delve into the complex interdependencies and challenges in safeguarding organizations worldwide.

David Chow brings over 20 years of experience in the federal government to his role as Chief Technology Strategy Officer. His focus includes analysing, managing, and implementing technologies to assist with building and maintaining a global cybersecurity strategy. Much of his expertise stems from working alongside the Federal Housing Administration (FHA) to modernise the agency’s mortgage loan systems and mature its cybersecurity program. He served in a number of additional roles within the federal government, including executive and leadership positions at the Department of Transportation and the White House. Prior to joining Trend Micro, David demonstrated success in accelerated digital transformation through secured cloud adoption as the Global SVP on NextGen Solutions at CoreLogic, a FinTech data company. David Chow is on the Advisory Board of George Mason College of Engineering and Computing.

Episode Transcript

[00:00:00] Speaker A: So if one were to adopt the Zero Trust architecture approach, my recommendation is actually to go through data analysis of any given environment, identify the data classification, identify the most critical data, and then start working backward in the five pillars of Zero Trust.

[00:00:21] Speaker B: This is KBKAST as primary target for ransomware campaigns, security and testing and performance risk and compliance. We can actually automate that, take that data and use it. Joining me back on the show is David Chow, global Technology Strategy Officer from Trend Micro. And today we're discussing the influence of global economic and political events on the state of cybersecurity. So, David, thanks for joining, and welcome back again.

[00:00:49] Speaker A: Thanks for having me.

[00:00:50] Speaker B: So there's a lot going on in the world, as we know, and as you know. So maybe how do you sort of see economic and political events impact the state of cybersecurity? I mean, what's your view? What are your thoughts?

[00:01:04] Speaker A: Yeah, there's a lot happened in the past 10, 15 years, and everything that happened actually impact cybersecurity. So starting out looking at it from economy standpoint, that when Trump got elected, he really started pushing for this US-China trade war. And that has quite a bit of implication on cybersecurity. And I'll get into it a little bit. And then along with that, you see the COVID situation that happened. And then each country is actually becoming more isolated rather than continue to go through this globalization, the US debt ceiling exceeding $1 trillion, which is prompting China to find other trading partners. And then at the same time, that just in the past couple of years, the global economy downturn, as well as high inflation, those are a lot of economic impact to any corporations. It's not just entities within regions happening across globally.
And because of that, it's actually creating a lot of people that's taking advantage of some of the slowness, the deglobalization of countries to defend against cyber threats. And then it's actually prompting much more focus on various attacks, different methodologies. And then essentially that wanting to gain that monetary, wanting to have the monetary gain, for one. And second, if you look at a lot of political issues going from US elections, there's a lot of different claims on election fraud going to different presidents being elected, and then how that's actually moving forward with different politics, political dynamics, and then leading into a lot of geopolitical issues. We know the Russia-Ukraine war, we know the North Korea threat, we know the China versus almost the world, China versus Taiwan, China versus various countries, and then the always ongoing, the crisis within Middle East. So because of that, that's also adding to the nation state sponsored attacks, the various attacks, that's more from the country standpoint. So you're seeing that there's less and less trust between countries, amongst different countries, and hence the deglobalization of various countries, the lesser alliances. And then you see more from the cyber threat perspective, the attackers, they're actually gaining up by leveraging various technologies and then be able to enhance the monetary gain or be able to achieve the nation state sponsor attacks. We saw some of the technology enhancement in the past ten years. Right? So for one, that cryptocurrency, and because of unregulation of cryptocurrency, it's leading into a lot of cyber threats. Cyber ransomware, we see the social network, we see a lot of application, Twitter or X, Facebook. People are putting their lives out there, putting their information out there.
So it's actually prompting these attackers, these threat actors, to be able to obtain information and going through social engineering, going through a better, much more complex cyber attacks, or going through some sort of target efficient emails, so that they're able to be increasing their success rate in terms of getting those phishing, getting somebody to take a bite on the phishing attack. And then we have the COVID that happened, which people are much more dependent on technology, and then globally, it's not just within one region. And then with the artificial intelligence, in the past year, there has been a lot of deepfakes using AI to create much more advanced and persistent cyber threats. And I can also see that moving into the future with deepfakes. With AI, there's going to be some identity crisis, people are copying other people using artificial intelligence. So combination of all that, along with economic and political impacts, that's actually creating a lot of complex, difficult situation for any IT specialist, any cybersecurity specialist, to be able to send out any cyber attackers. This is becoming a much more complex landscape to defend against.

[00:05:25] Speaker B: Wow. When you rattle everything like that off, there's a lot. Right, okay. A couple of things come in my mind as you're speaking, and I appreciate you being very thorough of that response, because these things do matter. And giving the details, would you say executives generally are aware of everything you sort of listed off, that the cybersecurity side of it has impact on downstream impacts of our society? Because I don't know for sure if people are aware of the flow on effects of everything that's happening. What's your view?

[00:06:01] Speaker A: So, honestly, I was a C-level, I was a practitioner, CIO as well as CISO in the past when you're actually combating issues on daily basis, you're not going to have time to really sit back and look at globally, look at regionally what's right.
So it's really when I start taking on my current job, I get the chance to travel globally, I get the chance to talk to a lot of practitioners. I also get the chance to talk to government entities. I travel to Asia, I travel to Australia, I travel to Europe, and really wanting to get those information. And I'm seeing that there's a trend in terms of how this has come about, in terms of elevating cyber threats in the past 10, 15 years. It's not just singularly attacked now, it's much more complex. So back in 2010-ish, within US, we have massive and consecutive breaches, privacy data breaches. We have Target, we have Sony, Home Depot, even within our Office of Personnel Management within US government, which is actually the HR for the overall government, there are millions of records. Federal employees, citizens, their privacy information were lost or their privacy information were exposed. And at that time, that was actually the biggest threat. When I was a CIO back in 2018, my biggest threat was actually defending against privacy data leak or privacy data breach. But then within a matter of one to two years, by 2020, there's actually becoming much more geopolitical issues. So back in 2020, when US was actually occupying Afghanistan, Iran actually fired missile over to Afghanistan. And because of that act of aggression, I can observe within my agency, government agency, that there's a lot of data traffic coming in and going out to the Middle East region. We have to actually use security operating center, use the necessary monitoring to really defend against, and to go through investigation and find out whether those are legitimate traffic. So I would say that now it's becoming much more complicated. And then for the C-levels, I think most of the C-level, even when I was in my shoes, I was just looking at how do I make sure that I'm putting out my fires for the day. I'm planning on digital transformation, pushing forward on cybersecurity maturity.
But I'm not really seeing how I can actually link up different current events or different issues and finding a proper way to really address, rather than finding that comprehensive strategy. I'm basically deploying point solutions or solution at one point to mature my environment instead of looking at ways that I need to prioritize my risk and really focus on the risk mitigation for those prioritized.

[00:08:53] Speaker B: Yeah. And this is the part where it gets really interesting, like how it's all there's interdependencies as well. So it's like you think you're dealing with one problem, but you're actually sort of dealing with like 50 back in the day. Even using your analogy, 2010, you was like, you're totally dealing with one singular thing, but all these things now are all interconnected, interrelated. And you mentioned something before, people are so busy doing day to day stuff, which I can appreciate and understand, they don't have the time to sort of sit back and look much to what you're doing now with your role. So how do we draw that correlation then? So I guess people are busy, but then people need to understand the reality of what's happening. So how can people start maybe doing that by. There's a lot of stuff going on, and it's hard to just necessarily pay attention to everything. But is there any sort of advice you can provide around. Well, yes, all these things are going on. I need to somehow start paying attention because these things could creep up on me and I could have a much bigger problem than what I thought I had.

[00:09:46] Speaker A: Yeah, I think there are two aspects. One is to obviously get immersed in more information, get immersed in podcasts such as yours, as well as different areas where there are going to be information shared by other C-levels or other executives or people that can actually share global trends.
So just on the commuting back home, listening to a podcast, talking about some of the current events, that could actually help into provoke some thoughts in terms of how the C-level is dealing with their environment. And are they seeing the bigger pictures or are they so busy focusing on putting out the fire or just handling the issue at hand? That's one aspect. The other recommendation is that it still goes back to risk management. It still goes back to what's critical for the enterprise to deal with. Right. So even though there's a lot of global event that's happening. So, for example, regulation of cryptocurrency, with some sort of regulation, there's probably going to be much less ransomware attacks. But that's not something that any average citizens or anybody, even C-levels can actually have that enacted. Right. I think a lot of it require globalization of governments coming together and really tracing down, cracking down on cryptocurrency. So if you don't have power to actually enact that, yes, you should be aware of it. But the bottom line is that still focus on what's the priority ahead within any given enterprises and wanting to make sure that you're building based on the risk management principle.

[00:11:26] Speaker B: Right.

[00:11:27] Speaker A: We talked about Zero Trust. Zero Trust has been the buzzword for the industry since 2022, when President Biden pushed out the Zero Trust Architecture Executive Order. So people are still talking about zero trust. And even though everybody's saying that it's framework, but everybody, all the vendors are coming up with solutions. But the bottom line is that when you deploy zero trust, is it a sound investment? Is it an investment that can actually take you to a longer duration or to a higher maturity level? Or is it just a buzzword that people are buying because people are focusing on that? So I think it goes back to the C-levels having to focus on the bottom line.
What's the risk tolerance within the organization? How do I prioritize my risks and then apply my valuable resources to address those risk areas? And how is that stacking up to the global events? Do I have ways to influence the global events or any policies? Or perhaps I need to be aware of it by focusing on what's at hand, the crown jewel of my environment, which is data.

[00:12:32] Speaker B: Do you think the hard part for people is, to your words, link up all their current events? It's like one thing to understand your own company that you're protecting, but then all these other things that you listed off at the start of the interview, do you think it's hard then to understand from a risk point of view how that impacts an organization? Is that where you're sort of seeing some of the dissonance from people?

[00:12:51] Speaker A: I think people, like I said, because people are looking at addressing their daily, I mean, they have their daily jobs, so they're addressing those issues and at times that they're not making the necessary connection. And seeing that globally, what's impacting, for example, we talk about geopolitical, political risk, that probably continent. For example, Australia probably doesn't have as much of a risk compared to countries like Taiwan, country like Singapore or Japan or even or South Korea. So at times that having the understanding that there could be potential geopolitical issues, but then understanding that how that's framing up within any enterprise, I think that's a critical relevance that the CIO or the CISO needs to actually go. So, for example, this situation I just gave, right? So in Australia situation, the focus is probably not as much on geopolitical issues, understanding that there are issues, understanding that there are bad actors, nation state sponsor attacks, understanding all that. But then the focus is probably more on what's at hand, right?
So I know that in the past year there has been a lot of data privacy protection issues. And then even though the Australian government is really pushing down policies to ensure that there's a better protection. So if that's the overarching priority for the nation as well as for enterprises to align to the nation risk management, then I would say that, yeah, that's probably a higher priority compared to a geopolitical risk within the area. So I think it's really going back to risk management, what's relevant, what's critical to any enterprises, and how does enterprise play a role into that relevancy within that global context or within that regional context?

[00:14:48] Speaker B: So let's sort of switch gears now and maybe focus on, you mentioned it before, the China and US trade war, but maybe let's get into a little bit more detail. So that is what you mentioned before, and deglobalization of cybersecurity between countries. So maybe talk a little bit more in detail, because you are right. In Australia, we're probably a little bit more removed from the geopolitical stuff, just purely based on we're a little bit more not on the front line of these things. So I think it'd be great to get your understanding about what's happening and what you're seeing, what your view is.

[00:15:17] Speaker A: Yeah. So when I travel, actually, I went to Taiwan a couple of times in the past three months, and obviously Taiwan is in the middle of this geopolitical issues. And Taiwan felt like, I talked to government officials, I talked to enterprises, they feel like they're stuck in the middle between US as well as China. Are they part of China or are they more of an independent? So that's actually a very interesting topic. But then it's actually something that came when Trump was elected as president. He started pushing, taking a harder stance on China and really pushing back not only on the trade relationship, but also on the technology.
We know about the Huawei case, which actually a lot of the Chinese technology has been banned within the US. And then when Biden took over, and President Biden took over, he continued the same methodology or same approach, to the point that now it's becoming a lot of tension between the two countries, as well as any allies associated with both countries. So that's a critical issue because we all know that each country, I mean, China does it, US does it as well. There are hackers, nation state hackers, right, attackers, but their job is to get into their systems, to the country system, to exploit, to identify information, useful information, or potentially creating chaos, or potentially to obtain information. So those are the objectives that these people are going through. But when you have this tension between two superpowers globally, that's creating a lot of downstream impact. So not only politically, not only from the economy standpoint, but also from cybersecurity, because there is a lot of association. For example, if you want to do business within the US, US is going to be clearly identifying, saying that you need to go through your supply chain analysis, that you want to do business with us. You can only be within all the sources needs to come from these countries. There cannot be any tie with China. So from a US standpoint, yes, that's a security concern. But at the same time, for a global company that's actually doing business with both China and with US, that's creating a lot of cushion, a lot of impact to the overall success of that company. So where do you choose? Do you choose to align with Five Eyes, or do you choose to align with China? Or do you have to find a middle ground? So that's creating a lot of issues there.
And the bottom line here is that, especially coming out of COVID when each of the nations are physically isolating themselves from different countries because of fear of spreading of disease, I think people are getting into mindset that they want to contain within their own environment. And there's actually not as much of a trust compared to before. Pre-COVID compared to before. So the lack of trust and lack of globalization also means that there is silo defense as well as an effective strategy against any global cyberattacks. So these attackers, they're actually mobilizing, coming together, finding various sources to find the exploit for enterprises. But for enterprises, they do not have that global presence of government entity or multiple government entity that they can rely on. So essentially, they have to create their own defense. And by creating their own defense, it's not as easy. And also it's much more expensive because each one is creating its own defense against the global cyber attackers.

[00:19:01] Speaker B: Okay, so many things going on in there that I really want to address a bit more. You make a great point. Downstream impacts, it's something that. Why run the shows that I do? Because these are the things that there's flow on effects that maybe people in security just look at their problem in isolation. But there are all the things you've just listed out. So that's what's really important to me. You mentioned before about the Five Eyes. Well, I guess your back's against the wall. I mean, if I'm a shame citizen, a government can't be like, oh, well, we're not part of the Five Eyes anymore. We're going to side with China. So I guess that those things, it creates so much then complication, because I do hear your point, and Australia did not roll out the Huawei thing as well, which created our own tensions.
Then I think there was a bit of backwards and forwards with our government and the Chinese government about we're not going to buy a whole bunch of stuff from China in terms of manufacturing. Then they've gone on the bandwagon of the sovereignty piece, which you're probably well aware of. So are we going to start to see countries now just being fully independent, fully sovereign? There's not going to be a lot of international trade or what are your thoughts? And I know there will be still elements of it. But do you sort of see moving forward, companies are going to be more sort of self sufficient or self contained?

[00:20:14] Speaker A: So I see from supply chain perspective, I think you're going to see a number of companies actually, we talked about in the past having some sort of industry growing from ever changing landscape and cybersecurity. I think you're going to see a lot of companies or a lot of certification type of company that they can actually come in here and help you and help you to achieve a certification for supply chain. Right. So in this case, if we're saying that US is targeting China, a little ironic that iPhone 15 just came out and US government is a huge buyer of iPhones from Apple, but iPhones are manufactured in China. So if you're saying that you cannot buy China, well, first of all, political message has been Buy America. Right? So by America, yes, you're buying from Apple with American company, but at the same time that they're shipping all the jobs overseas. And that's not the intention for Buy America. The second part is that you're talking about the supply chain issues. The supply chain issues where we do not buy from Huawei, we do not buy from any company, any Chinese companies. And when you have your software capability, you need to certify that you actually meet the supply chain requirements, that there is no Chinese involvement or China involvement. What about iPhone? Right. I don't really have an answer here.
I'm actually a little perplexed, especially after working. I've worked in government, US government for 20 years. I see this back and forth. I don't know. I do not have an answer here. It's really interesting that what is going to be the future? Are we continue to go down this route? Are we going to having some sort of a collaboration or discussion to make sure that there is some sort of pact between countries? You talked about the data sovereignty issues. So I think for that, what I can see is that, again, it goes back to the current events that's happening in different regions, and different regions have different needs. Right. So we talked about Australia. So with all the data privacy protection, I would imagine that going forward, continue to move forward, there's going to be a data sovereignty requirement to ensure that the data, especially citizen data, does not go out. Right. So from political standpoint, from privacy data protection standpoint, I mean, that makes sense. And also, in comparison to a country like Taiwan. So Taiwan is going to be a little difficult. Taiwan has this geopolitical risk with China, but then also at the same time, that in order to have continuity of operations, Taiwan is too small to have that continuity of operations, to have physical data centers to host data. But do you factor in this data sovereignty issues that your data cannot leave the country? If you cannot leave the country, how would they ensure that there's proper data when there is disaster or when there's some sort of attack to ensure that there's continuity of operations? Okay, so once you solve all that, and this is actually a discussion point that I was having discussion with Taiwan government. So if that were to happen, then now you're willing to put the data into cloud, and perhaps not cloud within Taiwan. Where would you put your cloud? Right. 
So now your data sovereignty is somewhat skewed, but then the cloud ownership, which country actually is going to host your information? And that actually creates additional geopolitical risk and sensitivity issues. So, again, I think a lot of it really depends on the regions, depends on what are some of the risk that this region, this country, this area is actually facing, as well as some of the current events that's happening and prompting the government to take certain action or focus in within certain area.

[00:24:20] Speaker B: This is the part that gets me in going back to your iPhone 15. You're so right. Look at your home router that's being manufactured in China. It's not being manufactured here in Australia, United States. It's there because it's cheaper to do it and they're faster at doing it. I was talking to someone the other day who manufactures, like, boxes here in Australia for data centers, and they're like, everything we can do here in Australia, apart from even the power cord, there's just nowhere else we can get it from. So I think people don't think about it. They just think, oh, okay, we'll go buy an iPhone, and I don't have to think about where it gets manufactured. But do you think people are starting to become aware because the US government comes out and say we're not buying anything from China. But then, well, where's your iPhone come from? Where's your laptop come from? Not coming from the US in terms of manufacturing. So how does that work?

[00:25:09] Speaker A: I think it's to me and honestly, this is my personal opinion, working 20 years in the US federal government, it's becoming more of a political message that we're buying from America, we're not shipping the jobs overseas, we're haven't retaining all the jobs where we're supporting American Corporation. But I think that's first and foremost that's where people are focusing on in terms of this whole supply chain risk.
I know Apple has actually taken steps to identify a manufacturing plant, for example like Vietnam or somewhere else or Mexico and some other cities that doesn't have as high of a sensitivity. But can you guarantee that all parts within an iPhone is actually not produced in China? I think it's going to be very difficult. Right. I think at times that people just don't really think about it. But that's a challenge that I'm glad that I'm not in a position that I'm not a political figure that I need to be able to defend or I need to be able to argue this point.

[00:26:17] Speaker B: Yeah, look, I think it's an interesting thing. But then here's the next part that starts up. So then going back to the Russia-Ukraine war and obviously I don't live in the US, so I don't know specifically all the ins and outs of how everything was. But it created the inflation here because then there was a point where people couldn't even get building materials and then building companies were going bankrupt here. Then the flow on effects, the downstream, it just kept going. And because we're so far away from everyone takes longer, it's harder. So those three months, six months back orders, people couldn't buy cars for twelve months because the part was being manufactured in Russia or one little part on a car was being manufactured in Russia. So then the sanctions in place, so we can't get it. So where are we going to get it from? Well, no one else does it. So it's like all of these things by the interdependencies, that's the part that people really need to understand that these things are all connected. That one little part on your car could stop the whole supply chain.

[00:27:16] Speaker A: Yeah, absolutely. And that component in the car could also tie into the central unit, the CPU unit within your car. And essentially it's becoming like a back to. It also goes back to supply chain issue. Do you really want to take sanction against China and Russia?
What's allowed, what's not allowed in this situation? So perhaps nobody will get a car, or you just have to wait for a different way of getting that supply, that particular part or various parts. So that's actually very. I don't have an answer there. Right. I start thinking about this. I see that. What's the point? Where are we going with this? We're going with all the entire trade war. Okay, I get that. But essentially, there's going to be give and take. And also the bottom line, especially, we're talking about cybersecurity here. It's actually impacting cybersecurity at one point or the other, right. Either people are taking up more risk or there's more attacks, or perhaps the outcome of those parts actually has some sort of monitoring or information ciphering capabilities. So where do we start? Where do we end? It's difficult enough for the C-levels, for the IT specialists, for the cybersecurity personnel. Imagine this is applying to average citizens who probably doesn't have much of IT or cybersecurity background or expertise. And this is not going away. We're just in the middle of it. The war is still going on. People are saying that by 2025, China could start attacking Taiwan. So where do we get. And then also there's election, US election next year. So currently, based on the poll, Trump is leading by 8%. So what's going to happen? So there's a lot of uncertainty globally and definitely is continued to create more impact from the cybersecurity front.

[00:29:17] Speaker B: Absolutely. And I think these are the things that I'm super interested in because it's a little economy in what we're talking about, like going back to the Russia-Ukraine thing, and then the sanctions in place, then inflation went up, then all of a sudden, know, people without jobs and all the tech jobs that got laid off in the US, and that curls a problem. And then it just keeps spiraling, right?
And now people complaining, saying, okay, well, we need a pay rise because we can't afford it because there's a sanction in place. Oh, well, the company's like, well, we're not making enough money, so we can't just give you a pay rise, John. It's not as simple as that. So then it just keeps spiraling. So then what happens now? And I don't expect you to have any answers. It's more just a chat to bring awareness to people to start thinking along these lines. I mean, I speak to a lot of people around the globe, and this is probably the first chat I've had on geopolitical stuff in probably a long time, if at all. So what does happen now, David? What do we do? What should people start paying attention to? What should people stop doing? Start doing. Do you have any thoughts?

[00:30:15] Speaker A: Well, people should continue to have that awareness, right? Because this is going on, this is current event that's currently going on shaping the overall cybersecurity industry, the IT industry, the overall global economy. So this is what's going on. People should definitely pay attention to it. But on the other hand, it's not that just because some political figure is saying this doesn't mean that it's accurate, right? It doesn't mean that it's always great. And even like the stuff I'm saying, people can challenge it. So I think people needs to be aware of it and also understanding, do their own research and really identify whether it's true or not. From what I can see is that I can see a trend where because of the Ukraine and Russia war, because of the cyber attacks, I can see that there are countries, for example, like Germany, they were so anti-cloud in the past, and I can see that now they're loosened up, even Taiwan, the same way they're loosened up. They're starting to think that, okay, so if somehow for Germany is like, okay, so Russia and Ukraine, somehow they got involved in this war. They got pulled into the war.
How do they ensure that there's continuity of operation within their environment? If Russia decides to do an attack on Germany and then for Taiwan, similarly, rather than having China to take by force, if China decided to just attack the utility, the critical infrastructure, the financial industry, as well as the supply chain from the food standpoint, to isolate the entire island of Taiwan, they can just do the attack. And if there is not a cloud approach having some sort of redundancy, like a continuity of operation plan in place, then it's going to be very difficult for these countries to continue to prosper. But they think that is becoming a real issue that people are seeing from the geopolitical risk, at least from the government standpoint. They're shifting their mindset. They're looking at exploring various technology to help them to ensure that they're reducing the risk from this geopolitical impact. [00:32:28] Speaker B: So let's talk about nation state attackers, or you mentioned before about pooling resources. So what does that look like when you say pooling resources, you're talking about country to country, or we're talking like, what specifically? And what does that look like then moving forward? [00:32:44] Speaker A: Yeah. So as we see, and as we talked about how globally there is a deglobalization of alliances, especially in this ever changing landscape and cybersecurity, you're seeing a different effect from the cyber attackers. Right. So in the past, the cyber attackers, probably they're focusing silo, focusing, attacking within their country, but now they're sharing through the dark web. They're sharing information across the board in the dark web. They're sharing methodologies, they're sharing the approach on hacks and even information from the corporation that they have hacked into. And also, at the same time, that in the past, there could be potential language barriers. 
But with all the translation apps, especially with artificial intelligence, now, they can actually converse very easily amongst each other, but then also identify a way of attack that's more customized to the culture of that specific country or people that they're targeting towards. So that's actually kind of scary. And I think a lot of people talk about the fear of AI, right, the Terminator where the Skynet is going to take over the world. I don't think we're quite there yet, but I do think that with artificial intelligence is actually creating much more poor resources for these cyber attackers to be able to use machine learning to create persistent, continuous learning attacks, to be able to eventually exploit, finding ways to get into corporations. And then for the social engineering as well as for the phishing attack, they can be much more specific and target and be able to craft a really well targeted phishing campaign to be able to push against these individuals. So that becomes a little scary there. And I think that's what we're facing right now. And because there's not a collaboration across countries, or at least it's very minimal. So what's happening is that people are pushing this forward. They get caught, okay? So they just move on. There is not like a cohesive collaboration of country to country, a penalty that's imposed by a collaboration of different countries. So one can start pushing this out, let's say, in one of the countries, and then maybe with help with some of the local helps. And then eventually, if they get caught or something happened, they just move on to the next country, and they can actually do this, repeat this over and over and over. So this is actually kind of scary in terms of the lack of response or the lack of adequate and efficient responses globally from all the global governments against this gain of cyber attackers. [00:35:35] Speaker B: Why do you think there's a lack. [00:35:36] Speaker A: Of response, meaning that. 
Okay, so within the President Biden executive order, he actually talked about that there needs to be more of a global approach in terms of bringing countries together to make sure that we're forming a way to monitor as well as punish these cybercriminals. But the issue here is that it takes time. Right. So am I working US government for 20 years? I know we can push this. There's a lot of political impact, a lot of political dynamics as well as policy that needs to be formed. How do you account for who actually prosecute, which country you actually prosecute, under which type of law? So there's a lot of issues that needs to be hammered out. And I think that executive order was pushed out this back in March, this 2023. So we're not making the necessary progress needed to ensure that we're enforcing against the cyber attackers. [00:36:35] Speaker B: That's another problem. I've spoken at length about exactly that. I've spoken to a guy in the UK, ex law enforcement around. Do people actually get caught? 2% even under. If that. How do you know? How do you know specifically who it was? There's no treaty in place. You don't forget about it. There's so many other things and variables that go into never finding the person. If you do find the person, exactly how do you prosecute them? In which country? Bit different if you go out and you punch someone in a different country, because it's physical. Whereas when you get into the cyber world, it's very hard to trace back the little breadcrumb trail at times. I mean, criminals make mistakes and they are found out, but again, they're doing it in Timbuktu, and there's no treaty with the US. They're not coming back. Can't force them to come back. [00:37:18] Speaker A: So then what happens where? It's interesting that last year when I was at RSA conference, I actually met up with the cybersecurity ambassador from Netherlands. So she was actually asking about it. She was asking, is US going to take charge? What's going on? 
Are we looking to have some sort of collaboration? And she's very willing to do that, just coordinating people within Europe, her counterpart within Europe. But we're not seeing that the momentum moving as fast as needed. [00:37:49] Speaker B: Have you actually. I mean, there's more prominent ones out there, but do you know anyone that's been caught from a cybercrime that's sitting in prison? What happens when someone gets caught? What happens to these people? And on how many charges? I guarantee you there's probably more people sitting in prison that have probably done, yes, bad things, but maybe less bad things in terms of a cybercriminal, but can't be found, nowhere to be traced, not in countries where we can get them back to prosecute them. [00:38:14] Speaker A: What do you think about know, we actually partner with Interpol and we provide support to Interpol. And recently that Interpol has cracked a few cases. The question is that there's many more. So we talked about, I think there was a study that shows that last year cybercrime occurs once every nine minutes and this year is once every eight minutes. Right. But this study is only focusing on cybercrime that's being reported. There's a lot of cybercrime that's not being reported. People just pay off ransomware, or perhaps it's small amount or perhaps it's mom and pop store that got hit. So those are typically not reported. So there is probably much higher number. The issue here is that how do we enforce that consistently, uniformly across the board, from country to country, and which country is actually taking charge? What's the authority to move forward with it? So currently there is not, there is not consistency across the board. So that's a real issue that we're facing here. [00:39:20] Speaker B: Do you think the US will try to take charge of that? [00:39:22] Speaker A: Well, I hope so. 
I mean, it's actually outlined in the executive order that we need to start working with various countries to establish that. So I know it's in the president's. [00:39:33] Speaker B: Plan, but when that plan will happen, it takes time. It's difficult. Right. It's not something you just flick on all of a sudden. The plan is working. There's a lot of complexity to these problems. [00:39:44] Speaker A: Yeah. And also there is election next year. Is it going to be a focus moving into next year or the election is going to be the focus. And also if Biden doesn't get reelected, what happens to zero trust, things that's associated with the current administration? Could it be changed to something else? Could it be something that the new administration wants to have different ideas or come up with something different? Those are a lot of unknown that's happening. [00:40:12] Speaker B: So you mentioned before, just quickly, just to wrap up, you were saying, do you think it is a sound investment around zero trust? Do you think it is a sound investment? [00:40:18] Speaker A: So the way that I would go about it is, and I actually pushed zero trust when I was the CIO at the government agency. And my approach of pushing Zero Trust was really finding a common marketing campaign slogan. So for non-IT people, especially my senior leadership as well as. And essentially I was obtaining budget from Congress, making sure that people that perhaps may not have the necessary understanding of cybersecurity and IT, but they can hear the terminology. It's easy enough for them to grasp and I think that's actually fairly effective. But the issue here is that zero trust has five pillars, the very last pillar from left to right, and typically that very last pillar is data. But to me, I think if you go back to the Risk Management Foundation, I think the Zero trust framework is a good framework. 
It actually touches upon a lot of different areas, but there needs to be focus on the people side on the process as well. It's not just focusing on technology, but at the same time that how do you efficiently push out zero trust, or push out a cybersecurity mature environment, or going back to the risk management approach, that you have finite resources, you prioritize your risk and you address your risks. So if one were to adopt the zero trust architecture approach, my recommendation is actually to go through data analysis of any given environment, identify the data classification, identify the most critical data, and then start working backward in the five pillars of zero trust, and then start achieving some sort of a zero trust maturity level for those data, those crown jewel data that the organization is trying to protect, the system related to it, the workflow, the network associated with it, the people. So essentially that working backward to ensure that proper resource has been applied to the most critical element. Once that's been done, then at the very least, let's say if the zero trust terminology is going away next year, then at the very least that has been protected. The most critical data has been protected. So that has been what I go around, talk to people using my personal approach. My lessons learned. I went through the same approach left to right. But then I realized that the most critical way, the most efficient way is actually focusing on data first and then work backwards. If one were to look to adopt zero trust architecture. [00:43:04] Speaker B: This is KBCast, the voice of cyber. Thanks for tuning in. For more industry leading news and thought provoking articles, visit KBI Media to get access today. This episode is brought to you by Merckset, your smarter route to security talent Mercksec's executive search has helped enterprise organizations find the right people from around the world since 2012. 
Their Ondemand Talent acquisition team helps startups and midsize businesses scale faster and more efficiently. Find out [email protected] today.
